CVE-2001-1471

Name: CVE-2001-1471
Creator: NVD / NIST
Published: 2001-07-31T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 7.70%

Last modified Jun 16, 2026

CVE-2001-1471 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.. EPSS estimates a 7.70% chance of exploitation in the next 30 days.

Description

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

7.70%

93.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-665

Affected Software

Vendor	Product	Versions
Phpbb	Phpbb	<= 1.4.0

References

http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.htmlBroken Link
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.htmlBroken Link
http://www.kb.cert.org/vuls/id/920931Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/3167Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944Third Party Advisory, VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.htmlBroken Link
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.htmlBroken Link
http://www.kb.cert.org/vuls/id/920931Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/3167Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944Third Party Advisory, VDB Entry

Timeline

Published: Jul 31, 2001
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2001-1471?

How severe is CVE-2001-1471?

CVE-2001-1471 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 7.70% probability of exploitation in the next 30 days.

How do I fix CVE-2001-1471?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2001-1471?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST